Recently, we wrote a lot about facial recognition and its many use cases across various industries. Facial biometrics becomes a new security standard in KYC, customer onboarding, enrollment, biometric fraud prevention and online transactions regulation — all possible situations where the user identity needs to be verified remotely. Since all these services operate with sensitive data, they need an additional layer of security which is liveness detection.
Despite being as sophisticated as they are, biometric systems are vulnerable to spoofing attacks — fraudulent attempts targeted at hacking into online accounts or corporate systems during remote onboarding or authentication.
An anti-scamming mechanism in face recognition is called face anti-spoofing (FAS), or liveness detection. During a liveness test, a system detects if it interacts with a "real" person or a spoof artefact used by a bad actor: a face photo, video recording, a realistic mask or a deepfake puppet.
There are two types of biometric liveness detection: passive and active.
Most FAS technologies rely on passive observation through software that detects such details as eye movement, blinking, lip movement, etc. It requires no prompted action from a user.
During an active liveness detection session, a person may be required to show their ID on a video call to confirm their identity or make a gesture or movement like turn their head, smile, or correctly position their face in the frame. It is called a "challenge-response" approach.
More complex hardware-assisted methods utilise technologies, such as 3D and infrared measurements (edge, depth, motion detection, skin texture) for spoof detection, however, this will require expensive server-side and client-side hardware.
Facial recognition helps us pinpoint the presence of a face in an image and even identify a person. However, it cannot confirm whether the person in the photo or avatar is indeed someone attempting to bypass authorisation at a given moment. The top presentation attacks in face liveness verification are:
On top of that, recent studies say that the alarming 61% of users don't change their passwords, and 70% of millennials use a maximum of 2 passwords — all either for fear of forgetting them or because setting up more complex passwords would require too much effort. Therefore, a biometric system must recognise fakes to maintain the integrity of the data it protects.
Facial liveness detection is crucial for the accuracy of authentication, primarily when the facial recognition system operates without human supervision. Use cases include:
Digital account security. Liveness detection ensures only real humans can access and create online accounts, and they need to be physically present to pass the authentication.
Password protection. Biometric liveness anti-spoofing adds a new layer of security in multi-factor authentication and eliminates the risk of tricking into the system with stolen or compromised credentials.
Anti-spoofing in banking and online financial services. Liveness detection is an essential part of the KYC process during online customer onboarding, financial operations, mobile banking, cardless ATM cash withdrawals, microfinancing and other services.
Securing the digital customer. Checking for liveness is critical to verify the user's age before allowing them to access age-restricted content, and in all other cases where face biometrics is needed to verify a person's identity.
By the way, if you want to know which areas of our daily lives facial recognition applies to, we recommend that you read our article linked below.
Recommended reading: Face ID — Fields of Application
We’ve developed Face ID as a fully integrated facial recognition service with an additional liveness detection mechanism, which Evergreen's corporate clients are already using. It is a tool for remote user verification and identification, and we use smile-based video selfies to detect a person’s liveness.